Analysts, journalists, and industry experts forecast the Internet of Things (IoT) to be an evolutionary shift, with some referring to it as part of a second machine age. Others say it’s a convergence of the digital world and the physical one. Some even say IoT is a dispensable misnomer, because it’s really just the Internet plus a thing called embedded systems.
Call it whatever, but to those concerned about privacy and security IoT can bring an imposing concern, which is the billions of connectable devices spurring exponentially growth in the nexus that connects all the things.
While IT and security professionals have little choice but to acknowledge and plan for IoT’s arrival, it is always helpful to first define what “it” is.
IoT for the Uninitiated
The Internet has always connected things, like a PC and an e-mail server for example. The Internet of Things now connects whole classes of new things and allows us to interact, manage, and learn from them.
What’s driving the possibility for things like GPS trackable luggage and talking refrigerators is the reducing size and price of sensors and actuators, and the reapplication of old tech to new tech. It’s not a new Internet. It’s a bricolage of technologies and devices that now operate on the Internet we all currently use.
Regardless of specific devices, three characteristics typically comprise IoT devices:
- Connectivity–whether it is inherent to the device, or an add-on feature via WiFi, 4G, NFC, Bluetooth, ZigBee, etc.
- Something it can measure or track or communicate
- An ability to control or access the thing–or its data–remotely.
Not all devices possess all three, and many devices can do a lot more. But if it uses power, physically moves, takes input, or has a potential to communicate any useful information, it can be an IoT device.
Take an ordinarily inanimate object, like a shoe–for example. Add some sensors and an app to read what it captures, and suddenly it becomes an object with a compelling story. Same old shoe, but now it can answer loads of important questions. How many steps per day does this shoe take? How much pressure from heel to foot does the shoe experience? What is the current treadwear? What flavor gum was that on the sidewalk?
IoT and Security
Though the phrase has been deemed as overhyped, IoT’s established and growing presence in the enterprise network space demands attention, because the devices that comprise IoT typically have not been included in company security policies.
Billions of newly connected devices mean as many new endpoints security professionals have to monitor, and a whole genus of new devices for IT detect and manage.
During the International Conference on Cyber Engagement at Georgetown, In-Q-Tel CISO Dan Geer, put the scale of protecting IoT into perspective. “If perimeter control is to remain the paradigm of cybersecurity, then the number of perimeters to defend in the Internet of Things is doubling every 17 months,” he said.